Since many of our customers wanted a non-5xx error code for quota policy violation, we introduced a new feature which allows you to override the default 500 status code with a 429 status code. This can be done by setting an organization level feature flag: features.isHTTPStatusTooManyRequestEnabled

This has already been there in our platform for a while, and now we want to turn on the 429 status as the default, which means whether or not you have the org level feature flag the quota policy would return a 429 status code instead of 500. This is the desired behaviour and eliminates the need for customers to call Apigee Support to get the changes done.

This can break existing proxy bundles where customers may be checking for the http status and returning specific error messages or performing custom actions like generating an "email alert", or "logging to syslog" or other such actions. Those bundles would need to be modified in order to check for the new status code. Please note that change would not impact error or error description or any of the flow variables that get set during the quota violation, the only change is the Http status code that you see above.

If you have clients connecting to your API that depend on the 500 status code to trigger a retry or other custom logic, you could continue to have the existing behaviour by introducing a "RaiseFault" policy as demonstrated below:

Feel free to put in your own json response payload instead of the standard one depending on what your client is expecting. You can add this RaiseFault policy in the fault rules with a condition which matches the Quota violation. Refer to the flow below:

This change is going to be rolled out soon, so you can start making your proxy changes now. If your clients expect a "HTTP/1.1 429 Too Many Requests" error and you have already enabled that using the org level feature flag then you DO NOT need to take any action. For folks who want to continue to get a "500 Internal Server Error" response when the quota violation happens, they need to make the changes suggested above.

I am also attaching the sample api proxy incase it helps folks to try out the changes themselves before applying them on the actual proxies.quota429-rev1-2016-05-06.zip